On Tue, 4 May 2004, Craig Huckabee wrote:

>
> Where can the regular expressions discussed in 'doc/variables.txt' be
> used? I'd like to modify the User-Name attribute as passed in for use
> as a filter for rlm_ldap.
>
> For example, during an EAP-TLS, I get an EAP packet like this:
>
>       NAS-IP-Address = ...
>       NAS-Port-Type = Async
>       User-Name = "host/g21476.fo.bar"
>       Service-Type = Framed-User
>       Framed-MTU = 1500
>       Calling-Station-Id = ...
>       State = ...
>       EAP-Message = ...
>       Message-Authenticator = ...
>
> I'd like to strip off the 'host/' from User-Name and use that as a
> filter in rlm_ldap for the authorize step, like:
>
>       ldap {
>               ...
>               User-Name =~ "^([^/]+)/(.*)"
>               filter = "(cn=`%{2}`)"
>               ...
>       }
>
> That fails horribly (cn='') so I'm not sure where those types of regex
> statements can be used in radiusd.conf.

The above won't work. You can't just add the User-Name line in the rlm_ldap
configuration and expect it to work. You can either use rlm_attr_rewrite to
strip the 'host/' part, or probably add a Hint variable in the users file and
use that as the filter:

--users--
DEFAULT User-Name =~ "^([^/]+)/(.*)", Hint := `%{2}`

--radiusd.conf--
ldap {
        filter = "(cn=%{check:Hint})"
        ...
}

>
> Is that possible or am I completely misunderstanding variables.txt?
> I'm running FreeRADIUS built from CVS as of 4/21/04.
>
> Thanks,
> Craig
>
> PS Forgive the wandering nature of this e-mail, 12+ hours at work...
>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>

--
Kostas Kalevras         Network Operations Center
[EMAIL PROTECTED]       National Technical University of Athens, Greece
Work Phone:             +30 210 7721861
'Go back to the shadow' Gandalf
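
The rewrite discussed in this thread, as an added Python example that is not part of the original messages and is not FreeRADIUS code: it applies the same regex to the User-Name, takes the second capture group, and builds the `(cn=...)` filter, returning nothing when the capture is empty (the `cn=''` case) and escaping filter metacharacters per RFC 4515. The function names and the sample User-Name values other than `host/g21476.fo.bar` are constructed for illustration.

```python
import re

# Same pattern as in the thread: group 1 is the prefix ("host"),
# group 2 is everything after the first '/'.
USER_NAME_RE = re.compile(r"^([^/]+)/(.*)")

# RFC 4515 section 3: these characters are written as \XX inside a filter value.
_LDAP_ESCAPES = {
    "\\": r"\5c",
    "*": r"\2a",
    "(": r"\28",
    ")": r"\29",
    "\x00": r"\00",
}


def escape_filter_value(value):
    """Escape a string for use as an assertion value in an LDAP filter."""
    return "".join(_LDAP_ESCAPES.get(ch, ch) for ch in value)


def hint_from_user_name(user_name):
    """Return capture group 2, or None if the pattern fails or captures nothing."""
    m = USER_NAME_RE.match(user_name)
    if m is None or not m.group(2):
        return None
    return m.group(2)


def ldap_filter_for(user_name):
    """Build the (cn=...) filter, or None so the caller can reject the request
    instead of searching with an empty cn."""
    hint = hint_from_user_name(user_name)
    if hint is None:
        return None
    return "(cn=%s)" % escape_filter_value(hint)


if __name__ == "__main__":
    # First value is from the thread; the others are constructed edge cases.
    for name in ("host/g21476.fo.bar", "g21476.fo.bar", "host/", "host/pc(1)*"):
        print(repr(name), "->", ldap_filter_for(name))
```
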